Deeplinks Blog posts about Transparency

EFF recently began a new Campaign for Secure & Usable Crypto, with the aim of encouraging the creation and use of tools and protocols that not only offer genuinely secure messaging, but are also usable in practice by the humans who are most vulnerable to dangerous surveillance, including those who are not necessarily sophisticated computer users. The first phase of this campaign is the Secure Messaging Scorecard, which aims to identify messaging systems that are on the right track from a security perspective. In subsequent phases of the campaign, we plan to delve deeper into the usability and security properties of the tools that are doing best in the Scorecard. One crucial aspect of the Scorecard and the campaign is and will be code auditing. We've gotten a lot of questions about the auditing column in the Scorecard, so we thought it would be good to expand on it here.

Even the reports that are supposed to provide transparency about the FBI's use of national security letters (NSLs) are secret—or at least a couple dozen pages of them are. NSLs are nonjudicial orders that allow the FBI to obtain information from companies, without a warrant, about their customers’ use of services. They almost always contain a gag order, which prohibits recipients from even saying they've received the request.

Two Office of the Inspector General (OIG) reports reviewing the FBI's use of NSLs from 2007 and 2008 were reissued earlier this week after having portions declassified. You can see the newly released versions of the 2007 report here and the 2008 report here.

Facebook scolded the Drug Enforcement Administration this week after learning that a narcotics agent had impersonated a user named Sondra Arquiett on the social network in order to communicate with and gather intelligence on suspects. In a strongly worded letter to DEA head Michele Leonhart, Facebook’s Chief Security Officer Joe Sullivan reiterated that the practice not only explicitly violated the site’s terms of service, but also threatened Facebook’s trust-based social ecosystem.

Sullivan writes:

Facebook has long made clear that law enforcement authorities are subject to these policies. We regard the conduct to be a knowing and serious breach of Facebook’s terms and policies, and the account created by the agent in the Arquiett matter has been disabled.

The Electronic Frontier Foundation and the ACLU Foundation of Southern California are taking the fight over automatic license plate reader (ALPR) data to the next level by asking the California Court of Appeal to rule that the public has a right to know how Los Angeles cops are tracking their locations.

It's a sign of the times that online companies’ transparency reports are starting to include a new section: the Hall of Shame. Automattic, the company behind WordPress, is the latest to do so, highlighting examples of copyright and trademark overreach by prominent figures like Janet Jackson, as well as more local businesses, organizations, and individuals attempting to silence criticism and other noninfringing speech. It even highlighted one example we've written about—and even dedicated a short video to—in which a baked goods company misused trademark to go after bloggers talking about derby pie, a common regional dessert in the Southern U.S.